Good Gear Guide - Stories by Andreas M. Antonopoulos RSS feed
http://www.goodgearguide.com.au/author/139880408/andreas-m-antonopoulos/articles
Language: en-au
Wed, 05 Oct 2011 03:24:00 +1100

Fail a security audit already -- it's good for you
http://www.goodgearguide.com.au/article/402974/fail_security_audit_already_--_it_good/?utm_medium=rss&utm_source=authorfeed
Andreas M. Antonopoulos, Wed, 05 Oct 2011 03:24:00 +1100
Failing an audit sounds like the last thing any company wants to happen. But that's because audits are seen by many as the goal of a security program. In reality, audits are only the means of testing whether enforcement of security matches the policies. In the broader context, though, an audit is a means to avoid a breach by learning the lesson in a "friendly" exercise rather than in the real world. If the audit is a stress-test of your environment that helps you find the weaknesses before a real attack, you should be failing an audit every now and then. After all, if you're not failing any audits there are two possible explanations:

Competing for privacy in a social media world
http://www.goodgearguide.com.au/article/400089/competing_privacy_social_media_world/?utm_medium=rss&utm_source=authorfeed
Andreas M. Antonopoulos, Thu, 08 Sep 2011 08:48:00 +1000
For years, Facebook users have been clamoring for better privacy controls and clarity, while Facebook engineers oscillate between improvements and major privacy snafus. Every now and then a new wave of exasperated users cry out "That's it, I'm leaving". Up to now, users really didn't have anywhere to go after quitting, so they effectively quit the social media scene, self-ostracized (MySpace is equivalent to being exiled, perhaps worse). Now that they have somewhere else to go (Google+), Facebook is ramping up its privacy controls and seems to be taking privacy more seriously. Let the privacy competition begin!

How to be an effective security buyer
http://www.goodgearguide.com.au/article/384982/how_an_effective_security_buyer/?utm_medium=rss&utm_source=authorfeed
Andreas M. Antonopoulos, Mon, 02 May 2011 21:45:00 +1000
In previous columns I have repeatedly emphasized the importance of interoperability and the danger of security fragmentation. Security is so fragmented that it is often hard to discern between hype and reality. Large security vendors try to draw you into a single-vendor closed integration package. Small vendors try to sell you the latest magic bullet, presenting what should be a feature as a whole new industry. Inevitably, you are left to cobble together disparate systems in order to get the depth of defense and layering of controls that you need.

Security fragmentation needs to end
http://www.goodgearguide.com.au/article/383199/security_fragmentation_needs_end/?utm_medium=rss&utm_source=authorfeed
Andreas M. Antonopoulos, Thu, 14 Apr 2011 07:45:00 +1000
A new week, a new rash of attacks against security vendors, email marketers and banks. It would be easy to point fingers and laugh at the irony, especially in the case of security vendors, but that would be both petty and shortsighted.

Security will rescue cloud computing
http://www.goodgearguide.com.au/article/380182/security_will_rescue_cloud_computing/?utm_medium=rss&utm_source=authorfeed
Andreas M. Antonopoulos, Fri, 18 Mar 2011 06:46:00 +1100
Whenever the topic of security is mentioned in the context of cloud computing, it is usually discussed as the "big barrier" to adoption. The perceived or actual lack of security in the cloud makes it impossible for businesses to make the leap into this new computing paradigm. I propose a different perspective: Security will rescue cloud computing.

More censorship, data breaches and devices: Security predictions for 2011
http://www.goodgearguide.com.au/article/371653/more_censorship_data_breaches_devices_security_predictions_2011/?utm_medium=rss&utm_source=authorfeed
Andreas M. Antonopoulos, Fri, 17 Dec 2010 08:04:00 +1100
This past year has been a doozy in the security world.

The missing piece of cloud security?
http://www.goodgearguide.com.au/article/361716/missing_piece_cloud_security_/?utm_medium=rss&utm_source=authorfeed
Andreas M. Antonopoulos, Wed, 22 Sep 2010 08:14:00 +1000
Cloud computing, especially public cloud infrastructure-as-a-service, is not yet a reality for the vast majority of companies. Recent announcements, however, from VMware, Citrix and Oracle clearly show that enterprise cloud computing is gaining momentum.

Security-as-a-service growing
http://www.goodgearguide.com.au/article/358984/security-as-a-service_growing/?utm_medium=rss&utm_source=authorfeed
Andreas M. Antonopoulos, Wed, 01 Sep 2010 01:32:00 +1000
When you ask IT professionals if they use cloud computing or software-as-a-service, most start by saying "no". But if you ask some follow-up questions, you will quickly find out about "that one application" that is a SaaS application.

Google's privacy afterthought
http://www.goodgearguide.com.au/article/344409/google_privacy_afterthought/?utm_medium=rss&utm_source=authorfeed
Andreas M. Antonopoulos, Tue, 27 Apr 2010 06:12:00 +1000
A few days ago, 10 privacy commissioners from Canada, the United Kingdom, France, Germany, Italy, Spain, Israel, Ireland, The Netherlands and New Zealand wrote an open letter to Google's CEO Eric Schmidt asking for more proactive privacy protections in new applications. The commissioners are not objecting to Google's overall privacy policies, but to the way Google launches new services.

Mobile malware will test Android and iPhone
http://www.goodgearguide.com.au/article/332269/mobile_malware_will_test_android_iphone/?utm_medium=rss&utm_source=authorfeed
Andreas M. Antonopoulos, Wed, 13 Jan 2010 07:59:00 +1100
2009 ushered in mobile malware with the first (and second) iPhone worm appearing just before Christmas.

iPhone security problems bring new risks
http://www.goodgearguide.com.au/article/325912/iphone_security_problems_bring_new_risks/?utm_medium=rss&utm_source=authorfeed
Andreas M. Antonopoulos, Thu, 12 Nov 2009 04:35:00 +1100
In just four days, not one but two worms targeting the iPhone have emerged. Both of the worms target the same vulnerability, a default password in the SSH server that is installed on jail-broken iPhones. While one worm is mostly a nuisance, the second siphons personal information from the iPhone, which makes it a serious identity theft threat.

UC security: When the shoe won't fit, compress the foot
http://www.goodgearguide.com.au/article/299291/uc_security_when_shoe_won_t_fit_compress_foot/?utm_medium=rss&utm_source=authorfeed
Andreas M. Antonopoulos, Wed, 15 Apr 2009 05:06:00 +1000
If your security model is location-centric and depends on keeping things separate, how do you respond to a disruptive technology like unified communications? This is a pattern that keeps repeating in many different areas: the security paradigm looked good until a technology comes along, changes the assumptions and reveals the inadequacy of the model.

No excuses -- encrypt all laptops
http://www.goodgearguide.com.au/article/254140/no_excuses_--_encrypt_all_laptops/?utm_medium=rss&utm_source=authorfeed
Andreas M. Antonopoulos, Wed, 23 Jul 2008 09:53:07 +1000
Every year, more than 5,000 laptops are lost in taxis in London, New York, Chicago and other large cities. According to our research, in 2008 companies' topmost security investment was laptop encryption. Laptop hard drives are getting bigger and now can hold hundreds of thousands to hundreds of millions of sensitive records.

Network threats develop 'antibiotic' resistance
http://www.goodgearguide.com.au/article/206807/network_threats_develop_antibiotic_resistance/?utm_medium=rss&utm_source=authorfeed
Andreas M. Antonopoulos, Wed, 13 Feb 2008 09:13:09 +1100
The scientific field of biology has provided many useful metaphors, such as "virus" and "infection," for the study of malware. Many researchers have used biology and evolution science to create innovative defenses against malware, in many ways simulating the functions of biological immunity systems. I find that biological sciences and especially evolution provide some great insights into the behavior of malware, malware creators and malware defenses over longer periods of time. I also see a lot of parallels between the evolution of malware and the evolution of darknets (stealthy peer-to-peer, or P2P, networks).

The black market for identity theft
http://www.goodgearguide.com.au/article/194978/black_market_identity_theft/?utm_medium=rss&utm_source=authorfeed
Andreas M. Antonopoulos, Wed, 12 Sep 2007 12:00:00 +1000
A while back I looked at the maturing market dynamics of cybercrime black markets and found that as professionals have come to dominate the hacking scene, a whole series of black markets have emerged.